Period for Reply



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)[X] Responsive to communication(s) filed on 10 November 2005.
2a)[X] This action is FINAL. 2b)[ ] This action is non-final.

3)[ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4)[X] Claim(s) See Continuation Sheet is/are pending in the application.

4a) Of the above claim(s) See Continuation Sheet is/are withdrawn from consideration.

5)[ ] Claim(s) is/are allowed.

6)[X] Claim(s) 1,3-6,9-11,13,16-21,23-27,29-32,35-37,39,42-47,49-59,62-64,66,69-74 and 76-79 is/are rejected.

7)[ ] Claim(s) is/are objected to.

8)[ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9)[ ] The specification is objected to by the Examiner.

10)[X] The drawing(s) filed on 15 March 2002 is/are: a)[X] accepted or b)[ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11)[ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12)[ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a)[ ] All b)[ ] Some * c)[ ] None of:

1.[ ] Certified copies of the priority documents have been received.

2.[ ] Certified copies of the priority documents have been received in Application No. .

3.[ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.

Continuation Sheet (PTOL-326) Application No. 10/099,799

Continuation of Disposition of Claims: Claims pending in the application are 1,3-6,9-11,13,16-21,23-27,29-32,35-37,39,42- 
47,49-59,62-64,66,69-74 and 76-79. 

Continuation of Disposition of Claims: Claims withdrawn from consideration are 
2,7,8,12,14,15,22,28,33,34,38,40,41,48,55,60,61,65,67,68 and 75. 

1. Claims 1,3-6,9-11,13,16-21,23-27,29-32,35-37,39,42-47,49-59,62-64,66,69-74
and 76-79 are pending and have been examined. 

2. Claims 2,7,8,12,14,15,22,28,33,34,38,40,41,48,55,60,61,65,67,68 and 75 have
been canceled.

Response to Arguments 

3. Applicant's arguments with respect to claims 1,3-6,9-11,13,16-21,23-27,29- 
32,35-37,39,42-47,49-59,62-64,66,69-74 and 76-79 have been considered but are moot 
in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

4. Claims 1,3-6,9-11,13,16-21,23-27,29-32,35-37,39,42-47,49-59,62-64,66,69-74 
and 76-79 are rejected under 35 U.S.C. 103(a) as being unpatentable over Makower et 
al. (U.S. Patent Application Publication 2002/0184507), and further in view of Cuomo et 
al. (U.S. Patent Application Publication 2002/0091757).

For claims 1, 27, 53 and 54, Makower et al. teach an authenticated identity 
translation system comprising: means for establishing an authenticated user identity at 
an initial server responsive to an identification and authentication event (note 
paragraph [0032]) within a domain (note paragraph [0016]) comprising said initial 
server and at least one subsequent server (note paragraph [0020]), said identification
and authentication event occurring at said initial server (note paragraph [0031]), said 
server unit and said at least one subsequent server employing disparate user 
registries with different user identities (note paragraph [0035]), said disparate user 
registries being separately maintained by the servers and being logically 
represented in a global registry maintained by a domain controller, said global 
registry including information that establishes a correspondence between a user 
identity in the initial server with a corresponding, local user identity within the at 
least one subsequent server (note the last sentence of paragraph [0035]); means for 
generating a translation token representative of said identification and authentication 
event (note paragraph [0033]) and providing said translation token to said domain 
controller (note paragraph [0033]), storing said translation token by said domain 
controller and obtaining a token reference from said domain controller, said 
token reference comprising an index to said stored translation token within said 
domain controller (note paragraph [0033]); and means for translating the 
authentication user identity of said server unit to a local user identity of said at least 
one subsequent server (note paragraph [0036]), wherein said at least one subsequent 
server initiates said translating employing said token reference, said translating 
comprising: forwarding said token reference to said domain controller (note 
paragraph [0030]), and employing said token reference at the domain controller to 
retrieve said translation token and translate the authenticated user identity of
said initial server to the local user identity of said at least one subsequent server
employing said global registry of said corresponding user identities maintained
by the domain controller (note paragraphs [0035] and [0036]).

Makower et al. differ from the claimed invention in that they fail to specify means 
for forwarding said token reference from the initial server to said at least one 
subsequent server along with a request; and the domain controller receives the 
token reference from the at least one subsequent server. 

Cuomo et al. teach means for forwarding said token reference from the 
initial server to said at least one subsequent server along with a request; and the 
domain controller receives the token reference from the at least one subsequent 
server (note paragraph [0009]). 

One of ordinary skill in the art at the time of the invention would have been 
motivated to combine the system of Makower et al. with the proxy system of Cuomo et 
al. making the web servers of Makower et al. also act as proxies for the cookie 
exchange between the client browser and the central sign-on server because it would 
increase the security of the system because the central sign-on server would no longer 
be directly accessible from the outside world. 

For claims 3, 29 and 56, the combination of Makower et al. and Cuomo et al. 
teaches the method of claims 1, 27 and 54, wherein, said translation token includes at 
least some of an identity of the initial server, a user identity, and a time stamp 
representative of time of authentication (note paragraph [0031] of Makower et al.). 

For claims 4, 30 and 57, the combination of Makower et al. and Cuomo et al.
teaches the method of claims 3, 29 and 56 wherein said generating further comprises 
obtaining signing value pair information from the domain controller, and signing the 
translation token using said signing value pair (note paragraph [0033] of Makower et 
al.).

For claims 5, 31 and 58, the combination of Makower et al. and Cuomo et al. 
teaches the method of claims 4, 30 and 57 wherein said translating by the domain 
controller further comprises validating the translation token signature prior to said 
translating of the authenticated user identity to the local user identity using the global 
registry of different user identities (note paragraph [0034] of Makower et al.). 

For claims 6, 32 and 59, the combination of Makower et al. and Cuomo et al. 
teaches the method of claims 5, 31 and 58 wherein said signing value pair comprises a 
signing value and a sequence number (note paragraph [0028] of Makower et al.), and 
wherein said sequence number is encrypted by the domain controller employing an 
encryption key known only to the domain controller (note paragraph [0031] of Makower 
et al.), and said validating includes employing the encryption key to validate the 
translation token (note paragraph [0035] of Makower et al.). 

For claims 9, 35 and 62, the combination of Makower et al. and Cuomo et al.
teaches a method of claims 1, 27 and 54 further comprising authenticating the local
user identity at the at least one subsequent server, said authentication being based on
a return code received from the domain controller with the local user identity, said return
code being based on at least one authentication policy for the domain (note paragraphs
[0036] and [0037] of Makower et al.).

For claims 10, 36 and 63, the combination of Makower et al. and Cuomo et al. 
teaches a method of claims 9, 35 and 62 wherein said at least one authentication policy 
is user dependent or method of authentication dependent for said at least one 
subsequent server, and wherein the method of authentication comprises a method of 
authentication employed by said means for establishing of said authenticated user 
identity at said initial server (note paragraphs [0020], [0032] and [0037] of Makower et 
al.). 

For claims 11, 37 and 64, the combination of Makower et al. and Cuomo et al.
teaches a method of claims 1, 27 and 54 further comprising means for repeating said 
method for at least one additional subsequent server (note paragraph [0020] of 
Makower et al.), wherein with each repeating, said at least one subsequent server 
becomes said initial server and said at least one additional subsequent server 
becomes said at least one subsequent server (note paragraph [0034] of Makower et 
al.), wherein said domain controller is employed by each at least one additional 
subsequent server in translating the token to a respective local user identity (note 
paragraph [0022] of Makower et al.). 

For claims 13, 39 and 66, the combination of Makower et al. and Cuomo et al.
teaches the domain comprises a trust domain, and wherein the method further 
comprises initially establishing said trust domain within which the authenticated identity 
translation is to occur (note paragraphs [0021] and [0022] of Cuomo et al.). 

For claims 16, 42 and 69, the combination of Makower et al. and Cuomo et al. 
teaches said method further comprises one of means for forwarding the token to the at 
least one subsequent server directly from the initial server or means for forwarding the 
token from the initial server through a user of the initial server to the at least one 
subsequent server (note paragraph [0009] of Cuomo et al. and paragraphs [0030],
[0031] and [0038] of Makower et al.).

For claims 17, 43 and 70, the combination of Makower et al. and Cuomo et al. 
teaches the initial server and the at least one subsequent server reside in different 
partitions of a multi-partition computing environment (note paragraph [0021] of Makower 
et al.).

For claims 18, 44 and 71, the combination of Makower et al. and Cuomo et al.
teaches the method of claims 1, 27 and 54 wherein the initial server is also another 
subsequent server to a further initial server establishing another authenticated user 
identity (note paragraph [0035] of Makower et al.). 

For claims 19, 45 and 72, the combination of Makower et al. and Cuomo et al.
teaches the method of claims 18, 44 and 71 wherein the at least one subsequent 
server comprises said further initial server (note paragraph [0035] of Makower et al.). 

For claims 20, 46 and 73, the combination of Makower et al. and Cuomo et al. 
teaches the method of claims 1, 27 and 54 further comprising means for repeating said 
method for multiple users, employing multiple initial servers, each requiring access to at 
least one subsequent server (note paragraph [0026] of Makower et al.). 

For claims 21, 47 and 74, the combination of Makower et al. and Cuomo et al.
teaches said domain comprises a heterogeneous computing network (note FIG. 1 of
Makower et al.), and wherein said initial server and said at least one subsequent
server comprise heterogeneous computing units (note paragraph [0015] of Makower et
al.).

For claims 23, 49 and 76, the combination of Makower et al. and Cuomo et al. 
teaches the means for generating further comprises securing the token reference 
against modification prior to said forwarding of the token reference to said at least one 
subsequent server (note paragraph [0031] of Makower et al.). 

For claims 24, 50 and 77, examiner takes official notice that the structure of the
token is programmable by the administrator of the domain. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to have the structure of the token be programmable by the administrator of the 
domain. It is well known in the art to give administrators the option to customize the 
security elements of a network in order to create a network that is best suited for their 
needs. 

For claims 25, 51 and 78, the combination of Makower et al. and Cuomo et al. 
teaches the method of claims 1, 27 and 54, wherein said method further comprises
performing by the domain controller at least one of retiring the token or purging the
token subsequent to said translating (note paragraph [0045] of Makower et al.).

For claims 26, 52 and 79, the combination of Makower et al. and Cuomo et
al. teaches the methods of claims 1, 27 and 54, wherein said method further comprises means
for employing a secure protocol to transfer said request and said token reference from
said initial server to at least one said subsequent server (note paragraph [0022] of
Makower et al.).

Conclusion 

5. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David J. Pearson whose telephone number is (571) 272-0711.
The examiner can normally be reached on Monday - Friday, 8:00am - 4:30pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 